GHSA-gphj-4h6p-37xq
Suggest an improvement- Source
- https://github.com/advisories/GHSA-gphj-4h6p-37xq
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-gphj-4h6p-37xq/GHSA-gphj-4h6p-37xq.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-gphj-4h6p-37xq
- Aliases
- Downstream
- Published
- 2025-12-19T00:31:42Z
- Modified
- 2025-12-20T12:25:57.890723Z
- Severity
-
- 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Elasticsearch privileged authenticated users can cause DoS through Excessive Resource Allocation
- Details
-
Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP request.
- Database specific
{ "severity": "MODERATE", "github_reviewed_at": "2025-12-19T21:07:24Z", "cwe_ids": [ "CWE-770" ], "nvd_published_at": "2025-12-18T23:15:49Z", "github_reviewed": true }- References
Affected packages
Maven
org.elasticsearch.plugin:x-pack-core
Package
- Name
- org.elasticsearch.plugin:x-pack-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.elasticsearch.plugin/x-pack-core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.19.8
Affected versions
6.*
6.8.11
6.8.12
6.8.13
6.8.14
6.8.15
6.8.16
6.8.17
6.8.18
6.8.19
6.8.20
6.8.21
6.8.22
6.8.23
7.*
7.8.1
7.9.0
7.9.1
7.9.2
7.9.3
7.10.0
7.10.1
7.10.2
7.11.0
7.11.1
7.11.2
7.12.0
7.12.1
7.13.0
7.13.1
7.13.2
7.13.3
7.13.4
7.14.0
7.14.1
7.14.2
7.15.0
7.15.1
7.15.2
7.16.0
7.16.1
7.16.2
7.16.3
7.17.0
7.17.1
7.17.2
7.17.3
7.17.4
7.17.5
7.17.6
7.17.7
7.17.8
7.17.9
7.17.10
7.17.11
7.17.12
7.17.13
7.17.14
7.17.15
7.17.16
7.17.17
7.17.18
7.17.19
7.17.20
7.17.21
7.17.22
7.17.23
7.17.24
7.17.25
7.17.26
7.17.27
7.17.28
7.17.29
8.*
8.0.0-alpha1
8.0.0-alpha2
8.0.0-beta1
8.0.0-rc1
8.0.0-rc2
8.0.0
8.0.1
8.1.0
8.1.1
8.1.2
8.1.3
8.2.0
8.2.1
8.2.2
8.2.3
8.3.0
8.3.1
8.3.2
8.3.3
8.4.0
8.4.1
8.4.2
8.4.3
8.5.0
8.5.1
8.5.2
8.5.3
8.6.0
8.6.1
8.6.2
8.7.0
8.7.1
8.8.0
8.8.1
8.8.2
8.9.0
8.9.1
8.9.2
8.10.0
8.10.1
8.10.2
8.10.3
8.10.4
8.11.0
8.11.1
8.11.2
8.11.3
8.11.4
8.12.0
8.12.1
8.12.2
8.13.0
8.13.1
8.13.2
8.13.3
8.13.4
8.14.0
8.14.1
8.14.2
8.14.3
8.15.0
8.15.1
8.15.2
8.15.3
8.15.4
8.15.5
8.16.0
8.16.1
8.16.2
8.16.3
8.16.4
8.16.5
8.16.6
8.17.0
8.17.1
8.17.2
8.17.3
8.17.4
8.17.5
8.17.6
8.17.7
8.17.8
8.17.9
8.17.10
8.18.0
8.18.1
8.18.2
8.18.3
8.18.4
8.18.5
8.18.6
8.18.7
8.18.8
8.19.0
8.19.1
8.19.2
8.19.3
8.19.4
8.19.5
8.19.6
8.19.7
org.elasticsearch.plugin:x-pack-core
Package
- Name
- org.elasticsearch.plugin:x-pack-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.elasticsearch.plugin/x-pack-core
org.elasticsearch.plugin:x-pack-core
Package
- Name
- org.elasticsearch.plugin:x-pack-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.elasticsearch.plugin/x-pack-core